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BACKGROUND OF THE IIWENTION 



1. Field of the Invention : The present invention generally relates to data base 
management systems and more particularly relates to enhancements for providing access 
to data base management systems via intemet user terminals. 

2, Description of the prior art : Data base management systems are well known in the 
data processing art. Such commercial systems have been in general use for more than 20 
years. One of the most successful data base management systems is available from 
Unisys Corporation and is called the Classic MAPPER® data base management system. 
The Classic MAPPER system can be reviewed using the Classic MAPPER User's Guide 
which may be obtained from Unisys Corporation. 

The Classic MAPPER system, which runs on proprietary hardware also available 
from Unisys Corporation, provides a way for clients to partition data bases into structures 
called filing cabinets and drawers, as a way to offer a more tangible format. The Mapper 
data base manager utilizes various predefined high-level instructions whereby the data 
base user may manipulate the data base to generate human-readable data presentations 
called "reports". The user is permitted to prepare lists of the various predefined high- 
level instructions into data base manager programs called "Mapper Rxms":. Thus, users 
of the Classic MAPPER system.may create, modify, and add to a given data base and 
also generate periodic and aperiodic reports using various Mapper Rxms. 

However, with the Classic MAPPER system, as well as with similar proprietary 



data base management systems, the user must interface with the data base using a 
terminal coupled directly to the proprietary system and must access and manipulate the 
data using the Mapper Rim command language of Classic MAPPER. Ordinarily, that 
means that the user must either be co-located with the hardware which hosts the data base 
management system or must be coupled to that hardware through dedicated telephone, 
satellite, or other data links. Furthermore, the user usually needs to be schooled in the 
command language of Classic MAPPER (or other proprietary data base management 
system) to be capable of generating Mapper Runs. 

Since the advent of large scale, dedicated, proprietary data base management 
systems, the internet or world wide web has come into being. Unlike closed proprietary 
data base management systems, the internet has become a world wide bulletin board, 
permitting all to achieve nearly equal access using a wide variety of hardware, software, 
and communication protocols. Even though some standardization has developed, one of 
the important characteristics of the world wide web is its ability to constantly accept new 
and emerging techniques within a global framework. Many current users of the internet 
have utilized several generations of hardware and software from a wide variety of 
suppliers from all over the world. It is not uncommon for current day yoxmg children to 
have ready access to the world wide web and to have substantial experience in data access 
using the intemet. 

Thus, the major advantage of the intemet is its xmiversality. Nearly anyone, 
anywhere can become a user. That means that virtually all persons are potentially 
intemet users without the need for specialized training and/or proprietary hardware and 



software. One can readily see that providing access to a proprietary data base 
management system, such as Classic MAPPER, through the internet would yield an 
extremely inexpensive and universally available means for accessing the data which it 
contains and such access would be without the need for considerable specialized training. 

There are two basic problems with permitting internet access to a proprietary data 
base. The first is a matter of security. Because the internet is basically a means to 
publish information, great care must be taken to avoid intentional or inadvertent access to 
certain data by unauthorized internet users. In practice this is substantially complicated 
by the need to provide various levels of authorization to internet users to take full 
advantage of the technique. For example, one might have a first level involving no 
special security features available to any internet user. A second level might be for 
specific customers, whereas a third level might be authorized only for employees. One or 
more fourth levels of security might be available for officers or others having specialized 
data access needs. 

Existing data base managers have secxirity systems, of course. However, because 
of the physical security with a proprietary system, a certain degree of security is inherent 
in the limited access. On the other hand, access via the internet is virtually xmlimited 
which makes the security issue much more acute. 

Current day security systems involving the world wide web involve the 
presentation of a user-id. Typically, this user-id either provides access or denies access in 
a binary fashion. To offer multiple levels of secure access using these techniques would 
be extraordinarily expensive and require the duplication of entire databases and or 
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isuusiHuiirtJ puj uuji^i mereuu Jii geiiemi, uic HuvHiiiHgesi ui utiir^iug Lxie wujiu wiuc wcu 
ill ibis ifishiuii lo dcccsi; n prupjieiary uitin base arc uirccliy uepcuueul upon ibe accuracy 
aiiu piecisiuii ui Lbe sccuiily system iuvulveu. 

Tbe sccuuu iiiajoi piuuleui is iuipuscu by tbc inlcruel piulucol ilself. One of tbe 
5 CiiaiaCiciisiios of iiie iiUciiiel wiiicli iiiakcS ii SO univciSai is tliat aiiy siiigic iiajiSaCiiOii iii 
HTML language cuinbiiies a single transfer (or request) rroni a user coupled witb a 
single response Iiom lbe internet servei. In general, tbere is no means for linking 
multiple transfeis (or lequests) anu multiple responses. In tbis mannei, tbe internet 
utilizes a tiaiiSaCtioii inOuci wiiicii inay be icfciicu tO as "stateless". Tiiis liinitatiOii 
.hIO ensures tbat tne mternet, us users, anu us seivers remain surucieniiy inuepenueni uuring 
12 opeiation tbat no one entity or group of entities can unduly delay oi "bang-up" tbe 

y communications system or any of its major components. Eacb transmissions lesults in a 

m tciriiiiiatiOii of tbc tiaiiSactioii. TiiuS, tiicic is iiO gciiciai puipOsc rncaiiS tO link data 

}^ fioni one iniernei transaction to anotber, even ibougb in certain specialized applications 

^15 limited amounts of data may be coupled using "cookies" or via attacbing data to a 
specluc niivri.^ screen. 

Kowcvci, soiiic of iiic iitost powci fui data basc inariagciriciiL fuMctioris or sci vices 
of necessity rely on coupling uaia from one transaction to anotber in dialog fasnion. In 
fact tbis nuking is of tbc essence of mapper Runs wbicb assume cbange of state fioni 
20 one command language statement to tbe next. True statelessness fiom a first Mapper 
corritnaiid to tbe iiext or subsequerit Mappei coirunaiid would pieclude riiucb of tlie 
power of Classic MAFFER (or any otber modern data base management system) as a 




UHin babe uiHiiagemeiit tool aiiu wuuiu eliuiiimie unia Imse uiiiuagexueiil irib now kiiuw 
ii. 




The picsciii iuveuiiou uvcicuuics iLc uisauvnulitgcsi of ilic piiui iiii uy piuvidiug ti 
uJCLuou of aiiu rtpprtiiilu5> iui uiiliziiig ilie puwci uf it full fcaiuicu uitiii Imsic umiicigcmciil 
SySlciii by a uSci ai a ieiiiiiiial COupicu tO iiic wOilu wide web Oi iulciiiei. iii Oiuci tO 
pciiiiit Huy such access, iiie piescui iuveiiiiuii luusi liisl provide a user interface, called a 
gateway, wbicli tiauslates tiausactiuii data transferred from the usei uver tlie iuteruet iu 
HTivlL format into a foiniat from which data base management system commands and 
inputs iiiay be gciieiatcu. Tiic gateway iiiust also COiivci t tlic data baSc inaiiagciuciil 
system responses and outputs into an KTML document for display on the user s iniernet 
terminal. Tiius, as a minimum, the gateway must make these format and piotocol 
conveisions. In the pieferrcd embodiment, the gateway resides in the web server 
coupled to tlic uSci via the woi id wide web and coupled to piopi ictaiy data baSc 
TTianagCmCrit SyStCui. 

To make access to a proprietary data base by internet useis piacticai, a 
sophisticated security system is required to prevent intentional or inadvertent 
uiiautlioii^eu access to ilic sciisitivc data of an oiganiz.ation. As discussed above, Sucii a 
security system should provide muiiiple levels of access to accommodate a variety of 
authoriz;cd usei categories. In the preferred embodiment of the present invention, rather 
than defining several levels of data classification, the different classes of users are 
managed by ideiitifyiiig a secuiity profile as a portion of those service requests requiring 
access to secure data. Thus, the security profile accompanies the data/service to be 
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accesseu. i ue uiiei siuijjiy ueeu pioviue a usei -lu wuicu cuneiaies to uie accciib 
peuJiiUcu. This peiiiiiis cci miu ievcisi of uaLa lo be accessed by uiic oi mure ui the 
iicveiai ciasises of usei. 

lu the piefeneu mode of piacliciiig ibe pies^eui iiiveiilioii, each usei-id ii> 
COiiciaicu wilii a hccuiiiy pioiiic. *^poii picpaiaiioii oi me sciviuc icCjucsl which 
provides iiiieruel access to a given poriioii of the data base, Ihe service request deveioper 
specifies which security profiles are peiuritteu access to the data or a portion thereof. 
The service lequest deveioper can subsequently modify the accessibility of any security 
piofilc. Tiic utility of tiic SySterii is gicatly ciiliariCed by pci inittiiig iiic Sci vice iequcSt 
iu deveioper to provide access to predefined portions of the data, rather than being limited 
to peiuiit or deny access to all of the data involved. 

vVheieas the gateway and the security system aic the nliniiliuui necessary to 
penViit tiic riioSi i udinicntaiy foi ili of CoiiiiHUiiiCatiOii between tiic iriiei iict tci fiViiiai of 
ihe user and the proprietary daia base management system, as explained above, the 
15 internet is a "stateless" communication system; the addition of the gateway and the 

security system do not change this statelessness. To unleash the leal power of the daia 
base nianageiuent Sysicni, the coniniuuicatioii piotocol between ilic data base aiiu the 
user requires functional interaction between the various daia transfers. 

The pieseut inveuiion adds state mauagenrcnt to this euvironment. Instead of 
20 considering each transfer fiom the internet user coupled with ihe corresponding seiver 
response as an isolaied tiansaciion event as ucuned by the world wide web, one oi nioie 
related service requests may be functionally associated in a service request sequence as 



uefiucu by the uiiici base iiiaiiiigeiiieui siysiieui iuio a dialog. 

A lepuiiiiury ib esiabiibiicu iu sioic ihe siaie of iiie service icquesi s^cqueiice. As 
sudi, ilie icposiloiy caii store iiiiciuieuialc rcquesls aiiu respojises, as well as oilier uala 
associated witli ilic seivice request sequence. Tuus, the repository bulfers coiimiaiids, 
data, aiiu iiiieiiiicdiaie piouuClS uiilizcd iii loiiiiailiiig Subscqueiii data base iiiaitagciiieiii 
service requests and in formailiiig subsequeiii HTML pages to be displayed to the user. 

Tbc transaction data iu KTML foinial received by tne server uoni the user, along 
with the state infornialion stoied in the icposiiory, aie processed by a service handler 
into a Scquciicc of seivicc icqucSiS in the coiiiniaiid laiiguagc of the uala base 
nianagenieui sysieiu. Sequenchig and control of the data base rnauagenient system is via 
an adiriiuistration module. 

Tlirough the use of the repositoiy to store the state of the seivice request 
sequence, the seivice haridler to generate data base iiianagciiieut commaiid language, 
and the administration module , ihe world wide web user is capable of performing each 
and eveiy data base management function available to any user, including a user from a 
pioprietaiy terminal having a dedicated communication link which is co-located with the 
proprietaiy data base management system hardwaie and software. In addition, the data 
base management system user ai the world wide web termiuai is able to accomplish this 
in the HTML protocol, without extensive training concerning the command language of 
the data base management system. 
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oiviurr i^E^o^^ivir 1 iv/i^ v/r inn* L#iv/\tvii'^oa 

Otbci objects of Ihc picj>cut iuvcuiiuu aiiti iimijy uf uie diiciiuaiii auvaiitdges) of 
ujc picscui iuvciiiioii will be icauiiy appicciiileu its ilic sciiuc becomes betlei uiiueisloou 
by icfcieiicc to ilic lollowiijg uclailcu ueSciiplioii wiicii Coiisideied iii COuiiectioii willi ilic 
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accouipaiiyiug uiciwmgs, m wmcii iikc leiereiicc uumeiiiis uesigiicite uKe parts tuiouguoui 
ilie figures thereof ciuu wbeieiu: 

no. 1 iS pictogi apjiic view oi tuc ^ooi iv^r: sysiciii coupieu uctwccii n usci ou lue 
world wide web and aii existing proprietary daia base uiaiiagemeiil sysicui; 
;f^iU Fig. 2 is a SCiiciiiaiic diawiiig sliowiiig tlic opeiaiioii of a iiiulii-ievcl scCuiity 

fn system iu accordauce with ihc preferred embodimciil of the present iiivejitioii; 

yj Fig. 3 is a piCtOgiaphic view of the haidwaic of the picfcircd eiJibodiiiicrit, 

Ul Fig. 4 is a semi-scheuiatic diagiam of the operation of the Cool iCE system; 

!^ Fig. 5 is an overall schemaLic view of the software of the Cool ICE system; 

^15 Fig. 6 is a scheuialic view of a service request; 

fQ Fig. 7 shows a SchcriiauC view of a Seivicc icqueSt Sequence, 

Fig. 8 is a diagiamuiatic conipaiison between a dialog-based structure and a 
service-based structure; 

Fig. 9 is a detailed diagram of the storage and utilization of state information 
20 within the repository; 

Fig. iO is a detailed diagram showing security piofiie verification during a service 
request; 
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rig, n IS a sciieuiaiic uiagraui suuwiiig access lo a givea uaia uase using uiueieul 
sccuiily piuulcs; 

Fig. 12 is a view of iiie iuiiiai Cool ICE Auuiiiiisiiaiiuii window; aiiu 
Fig. 13 is a view of ilic wiiiuOw piOviuiijg foi ueuiiiiioij aiiu iiiOuifiCaliOii of uaia 
5 access by secuiily profile. 
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iiic pjcscui iiivcuLiuii lb ucsiciiucu Jii ciecuiuancc wiiu scvcicii piciciicu 
5 euiuOuiiiicuiS wliicli aic tO be viewed as iiluSiiauvc wiiliOuL bciiig liiiiiiiiig. TbcSc Several 
preieiTcu eiubouiuicius are based upon Series 2200 hardware and operating sysicnis, ihe 
Classic ivIAFFER data base nianagenieni system, and tue Cooi ICE souwaie 
components, all available from Unisys Corpoiation. 

Fig. i is an overall piciographic representation of a system 10 permiiiing access to 
3^0 a proprietaiy data base managemeni system via an inteinei terminal. Existing data bases 



•1 aiiu applications 12 icpicScntS cOiiinieiCially available haidwaic aiiu Soitwaie systciiis 

J which typically provide select users with access to proprietary daia and data base 

1 

1 jnanagement functions. In the preferred embodiment, existing data bases and 

^ applicalions 12 lepresents Series 2200 hardwaie and opeialing system containing one or 

:ij moic uata uases piepaicu using ^^lassic m/\rri:,t\ uata uasc iiianagemcnt system, an 

i available from Unisys Corporation. Hisioricaiiy, existing data bases and applications 12 



could only be accessed from a dedicated, direct teiniinal link, either physically co-located 
with the other systeiii elements or connected thereto via a secured dedicated telephonic, 
satellite, of fiber Optic link. 
20 With the preferred mode of the present invention, communication between new 

web application terminal 14 and existing data bases and applications 12 is facilitated. As 



discussed above, this peiuiits neaily universal access by useis world wide without 



spccittiizcu imruwaic aiiu/ui user iiitiiiiug. The user cuecis the access using siaiiuaruizeu 
riTrvIL irausdcLiuji language ihruugh world wide web iiuk 16 io ibe Coul ICE system 20, 
wiiicli selves as a wuilu wide web seivei Lu wurid wide web link 16. 

Cuui ICE system 20 appears to existing daia bases and applications 12 as a data 
5 base uiaiiagcnicnl SySiciii piOpiiciaiy usei tclniinai Ovci ucdicaied liiik IS. Oucntiiiics, 
dedicated link 18 is an intranet or other localized network link. Cool ICE sysieni 20 is 
cuijcnlly available in commcicial foini wiuioui llie present invention as Cool ICE 
Revision Level 1.1 tioni Unisys Corporation. 
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rig, L rs A uiiMC scucjiiiiuc uingiiiiii ui jsccuiiiy sysiicul ui luc piciciicu luuuc ui 
ilic picSciii iiJvciiUoii. By wny Oi CAttiiipic, ilicic iiic fOui CtticgOiicS Oi Sci vice ucuiicd, 
eacii wiih its owji fuuciioiiaiiiy ciuu pojiiuu uf Liie uiiia base. Service A 36 coiiiaius data 
auu fuuciiuiiii wiiicli siiuuiu oiiiy be made available iu cusluiiieiii. Service B 38 cuuiaiiis 
data and luiicliuuit which Miuuid uuly be uiade available lu cui>luiiiei5> ui eiiipluyees. 



Scivice C 40 cOiiiaiiiS daia aiid luiicUoiiS whicli sliOuid Oiily be iiiadc available lO 



exijpioyees, aiiu service u coiiLaiiiJiig uie icasi resitnciive uaia auu luiiciioiis uiay oe 
liiade available iu auyuue, including the general public. 
10 In a typical application, Sejvice D 42 might contain the general hunie page 



iniOiiiiatiOii Oi the cnleipiisc. It will COiiSiSt of Oiily the iiiOSi public of iiifoiiiiatioii. It is 
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ij nKeiy to mcmue tne name, auuiess, e-uian auurebs, auu pnune nuniuer or ine eutcrpriiie, 

fl along with the most public of the bui>iiiei>5> details. Usually, Service D 42 would include 

- means or presenting the information in a sufficiently interesting way to entice the liiost 

jl5 casual of the public uScj tO iiiakc fuithei iiiquiiy and thus becOiiie mOie involved with 
; the objectives of ine enterprise. Service D 42 reprcscuLs the lowest level or security with 

data and functions available to all. 

Service C 40 is potentially the highest level of classification. It contains data and 
fuiiCtiOiis whicli caii be iiiadc available Oiily to ciiipiOyecS. lii actual practice, this uiiglit 
20 entail a number of sub levels corresponding to the various levels of authority of the 
vaiious employees. Howevei, some services may be so sensitive that the entejprise 
decides not to piovide any access via the internet. This might include such things as 



SLiiiiegic pictiiiiiiig uam aiiu tooisi, auvaiiceu iiuauciai preuiciious, 5>peciiic luioiuiaiiou 
icgaruiiig iudiviuual cjiipioyccs, uiaikciiiig plans, cic. Tiie pciiaiiy for Ihis extreme 
security measuie is ilial eveu auliiuiizeu individuals aie probiuiicd uuin accessing these 
seivices via the iniernei, and they must take the trouble to achieve access via an old- 
lashioncu ucuicaicu liiik. 



customers anu employees may snare access to service o :>o. iNeverineiess, tnese 
uaia anu runctions aie suuicientiy sensitive tnat tney aie not iiiaue puuiic. ^eivice o jo 
likely provides access to pioduct speciucations, delivery schedules and quantities, and 

n rr 

yO For customer access only is Service A 36. One would expect marketing 

^ information, along with specific account information, to be available here. 

y These four seiA^ice levels (i.e., Seivice A 36, Service B 38, Service C 40, and 

y ^ 

m Sei*vice D 42) are regulated in accordance with three security profiles. Tlie lowest level 

N= of security does not require a security profile, because any member of the general public 

Li 

y5 may be granted access. Tliis can be readily seen as guest categoiy 28 (e.g., a member of 
^ the public) can directly access SeiA^ice D 42. Of course, all other categories of user may 

also diicCtiy access Service D 42, because all nicuibers of the more restrictive categories 
(e.g., customei*s and employees) are also members of the general public (i.e., the least 
restrictive categoiy). 

20 Security Profile #1, 30 permits access to Seivice A 36 if and only if the requestor 

seeking access is a customer and therefore a member of customer category 24. Members 
of customer category 24 need to identify themselves with a customer identification code 
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ill Older lo gain access. The assigniug and processing of such idenlificaiiou codes are 
well known Lo those of skill in Ihe art. 

Similarly, Security Profile #3, 34 permits access to Seivice C 40 if and only if the 
requestor seeking access is an employee and therefore a member of employee categoiy 
26. Security Profile #2, 32 peniiits access to Semce B 38 to requestors from either 
customer categoiy 24 or employee category 26, upon receipt of a customer identification 
code or an employee identification code. A more detailed description of the security 
system of the preferred mode of the present invention is found below. 
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Fig. 3 is a picioiiai diagraui of haiuwaie suite 44 of ilie piefeiied embodiineiii of 



iijc picSciJL mvcuiiOD. iilc Ciiciii iriiciiaCcS wiiii uic sysiciii vm luiciiici iciuiiucii 'fu. 
Piefeiabiy, iiileniel teimiiial 46 is an indusiiy compatible, pei^oualized coiiipulei having 
5 a cuiieot version of the Windows operating system and suitable web browser, all being 
readily available commercial products, internet terminal 46 communicates over world 
wide web access 48 using standardized HTML protocol. 

The Cool iCE system is resident in web seiver 50, which is coupled to internet 
terminal 46 via world wide web access 48. In the preferred mode, web server 50 is 
10 owned and operated by the enterprise owning and controlling the proprietary data base 
^ management system. Web seiver 50 rnay serve as the internet access provider for 

y inlernet terminal 46 wherein world wide web access 48 is typically a dial-up telephone 

: £ s 

m line. This would ordinarily be the case if the shown client were an employee of the 

s 

enterprise. On the other hand, web server 50 may be a remote server site on the 
^ 15 internet if the shown client has a different internet access provider. This would 
ordinarily occur if the shown client were a customer or guest. 

in addition to being coupled to world wide web access 48, web server 50, 
containing the Cool ICE system, is coupled to intranet 52 of the enterprise as shown. 
Intranet 52 provides the enterprise with conimunication for its internal business 
20 purposes. This communication is administered and managed by enterprise server 54 

having enterprise server storage facility 56. Tlius, employees and others granted access 
may communicate via intranet 52 within the physical security provided by the enterprise. 
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Also coupled lo iulrauet 52 is ueparluieulal server 58 having ueparliiieulai sewer 
storage facility 60. Auuitioiial deparliiieiiiai servers (not shown) may be coupled to 
intranet 52. The enterprise data and enterprise data base management seivice 
functionaUty typically resides within enterprise seiver 54, departmental seiver 58, and any 
5 other departmental seivers (not shown). Nonnal operation in accordance with the prior 
art would provide access to this data and data base management functionality via intranet 
52 to users directly coupled to intranet 52. 

In the preferred mode of the present invention, access to this data and data base 
management functionality is also provided to users (e.g., internet temiinal 46) not 
10 directly coupled to intranet 52, but indirectly coupled to intranet 52 via web seiver 50. 
As explained below in more detail, web seiver 50 provides this access utilizing the Cool 
ICE system resident in web seiver 50. 
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Fig. 4 is pictogiaphic view of the system of Fig. 3 with particular detail showing 
the organization and operation of the Cool ICE system 62, which is resident in the web 
server (see also Fig. 3). In this view, the client accesses the data base management 
system within the enterprise via internet terminal 54 which is coupled to the web server 
68 by world wide web path 66. Again, the internet terminal 54 is preferably an industiy 
standard computer utilizing a commercially available web browser. 

The basic request/response format of the Cool ICE system involves a ^'service" 
(deGned in greater detail below) which is an object of the Cool ICE system. Tlie seivice 
is a predefined operation or related sequence of operations which provide the client with 
a desired static or dynamic result. The seivices are categorized by the language in which 
they were developed. Whereas all services are developed with client-side scripting which 
is compatible with internet terminal 54 (e.g., HTML), the server-side scripting defines 
the seivice categoiy. Native seivices utilize Cool ICE script for all seiver-side scripting. 
On the other hand, open seivices may have seiver-side scripting in a variety of common 
commercial languages including Jscript, VBScript, ActiveX controls, and HTML, 
Because native services are developed in the Cool ICE language, greater development 
flexibility and variety are available with this technique. 

Web seiver 68 provides open seiver processor 70 for Active Seiver Pages (ASP's) 
which have been developed as open services and Default ASP processor 72 for native 
services. After the appropriate decoding (i.e., native or open service), a call to the 
corresponding Cool ICE object 74 is initiated as shown. The selected object is processed 
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by Cool ICE engine 76. 

Repository 80 is a storage resource for long term storage of the Cool ICE objects 
and short term storage of the state of a particular service. Further details concerning 
repository 80 may be found by consulting the above referenced, commonly-assigned, co- 
pending U.S. Patent Application. In the preferred mode of the present invention, the 
objects stored in repository 80 are typically very similar to mapper runs as described 
above. For a more detailed description of mapper runs, Classic MAPPER User Manual 
is available from Unisys Corporation and incorporated herein by reference. In the more 
general case, repository 80 would typically store predefined sequences of statements in 
the command language of the enterprise data base management system(s) to be accessed. 

Cool ICE engine 76 sequences these previously stored command statements and 
uses them to communicate via intranet 84 with the data base management system(s) 
(e.g.. Classic Mapper) resident on enterprise server 86 and departmental server 88. Tlie 
short term storage capability of repository 80 is utilized by Cool ICE engine 76 to store 
the state and intermediate products of each service until the processing sequence has 
been completed. Following completion, Cool ICE engine 76 retrieves the intermediate 
products from repository 80 and fomiats the output response to the client, which is 
transferred to internet terminal 54 via web server 68 and world wide web path 66. 

Cool ICE Administrator 82 is available for coordination of the operation of Cool 
ICE system 62 and thus can resolve conflicts, set run-time priorities, deal with security 
issues, and serve as a developmental resource. Graphing engine 78 is available to 
efficiently provide graphical representations of data to be a part of the response of a 
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service. Triis tends to be a particularly useful utility, because many of the existing data 
base management systems have relatively sparse resources for graphical presentation of 
data. 

Tiie coinbinalioii of Cool iCE engine 76 and rcposiloiy SO permits a rather 
5 simplistic seivice recjuest fiom inteinet terminal 54 in dialog format to initiate a rather 

complex series of data base management system functions, in doing so, Cool ICE engine 
76 emulates an intranet user of the data base management sysiem(s) resident On 
enterprise server 86 and/or departmental server 88. Tiiis enmlalion is only made 
possible, because reposiiory 80 stores sequences of command ianguage siaieuienis (i.e., 
iO the logic of the service request) and intermediate products (i.e., the state of the service 
request), ii is these functions which are not available in ordinaiy dialog on the world 
wide web and are Iherefore not even defined in that environment. 
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Fig. 5 is a scheuiiiUc uiagiaiii 90 uf Cnc software coiiipoiieiils of the Cool ICE 
sysieiii and the software conipoiients to which it interfaces in the preferred mode of the 
present invention. The client user of the Cool ICE system interfaces directly with web 
5 browser 92 wliich is resident on internet terminal 54 (see also Fig. 4). Web browser 92 is 
a commercially available browser operating under a current version of the Windows 
operating system (e.g., Windows 95). Tlie only special requirement of web browser 92 is 
that it be capable of supporting frames. 

Web browser 92 communicates with web server software 96 via internet standard 
yiO protocol using HTML language using world wide web path 94. Web seiver software 96 
"^ff, is also commercially available software, which is, of course, appropriate for to the web 

hj server host hardware configuration. In the preferred mode of the present invention, web 

Ui server software 96 is hosted on a Series 2200 mainframe available from Unisys 

M= Corporation, fiom which web seiver software 96 is readily available. 

Dl5 Cool ICE system software 98 consists of Cool ICE Gateway 100, Cool ICE seivice 

5 handler 102, Cool ICE administration 104, Cool ICE repository 106, and Cool ICE 

scripting 108. It is these five software modules which interface to web seiver software 96 
in HTML using a dialog format and interface to data base management system 
interconnect 110 in the command language of the enterprise data base management 
20 system(s) (i.e., Classic MAPPER in the preferred mode of the present invention). 

Cool ICE gateway 100 is the interface between standard, conmiercially available, 
web seiver software 96 and the internal Cool ICE system language and logic. As such, 
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Cool ICE gateway 100 translates the dialog format, incoming HTML service request into 
internal Cool ICE language, and protocol. Intrinsic in this translation is a determination 
of the service category (see also Fig. 4) - that is whether the service request is a native 
service (i.e., with Cool ICE server-side scripting) or an open service (i.e., with server-side 
scripting in another commercial language). 

The service request, received from Cool ICE gateway 100, is utilized by Cool ICE 
service handler 102 to request the corresponding object from Cool ICE repository 106 
and to open temporary state storage using Cool ICE repository 106. Cool ICE scripting 
108 is called to translate the server-side scripting of an open service request as necessary. 
Cool ICE service handler 102 sequences through the command language statements of 
the object received from Cool ICE repository 106 and forwards each command in turn to 
data base management system software 114 for accessing of the enterprise proprietary 
data base management system. Cool ICE service handler 102 receives each of the 
intermediate products from data base management system software 114 and transfers 
each to Cool ICE repository 106 for temporary storage until completion of the service 
request. Cool ICE service handler 102 retrieves the intermediate products from Cool 
ICE repository 106 upon completion of the service request and formulates the Cool ICE 
response for transfer to browser 92 via web server software 96 and world wide web path 
94. 

Cool ICE administration 104 implements automatic and manual control of the 
process. It provides for record keeping, for resolution of certain security issues, and for 
development of further Cool ICE objects. Interconnect 110 and interconnect 112 are 
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software interface modules for communicating over the enterprise intranet (see also Fig. 
4). These modules are dependent upon the remaining proprietary hardware and 
software elements coupled to the enterprise intranet system, in the preferred mode of 
the present invention, these are commercially available from Unisys Corporation. 
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Fig. 6 is a schematic diagram 116 showing the processing of a service request by 
the Cool ICE system. Screen 118 is the view as seen by the client or user at an internet 
terminal (see also Fig,. 4). This screen is produced by the commercially available 
5 browser 120 selected by the user. Any such industry standard browser is suitable, if it 
has the capability to handle frames. The language of screen 118 is HTML 124. 
Hyperlinks 126 is used in locating the URL of the Cool ICE resident server. The 
components of the URL are as follows. In many instances, this will simply be the 
internet access provider of the internet terminal, as when the internet terminal is owned 
yiO by the enterprise and the user is an employee. However, when the user is not an 
^ employee and the internet terminal is not necessarily owned by the enterprise, it 
y becomes more likely that hyperlinks 126 identifies a remotely located server. 

U1 Icon 122 is a means of expressly identifying a particular service request. Such use 

3 

N= of an icon is deemed to be unique. Additional detail concerning this use of an icon is 

yi5 available in the above identified, commonly assigned, co-pending U.S. Patent application. 
^ Window area 128 provides for the entry of any necessary or helpful input parameters. 

Not shown are possible prompts for entry of this data, which may be defined at the time 
of service request development. Submit button provides the user with a convenient 
means to transmit the service request to the web server in which the Cool ICE system is 
20 resident. 

Upon "clicking on" submit button 130, screen 118 is transmitted to web server 136 
via world wide web path 132. As discussed above, world wide web path 132 may be a 
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telephonic diai-up of web server 136 or it might be a long and complex path along the 
internet if web server 136 is remote from the originating internet terminal. Web server 
i36 is the software which performs the retrieval of screen 118 from world wide web path 
132. 

Screen 118 is transferred horn web server 136 to Cool ICE gateway 138, wherein 
it is converted to the internal Cool ICE protocol and language. A browser input file is 
opened at storage resource 146 via path 140. Thus the initial service request can be 
accessed from storage resource 146 during processing up until the final result is 
transferred back to the user. This access readily permits multi-step and iterative service 
request processing, even though the service request was transferred as a single internet 
dialog element. This storage technique also provides initially received input parameters 
to later steps in the processing of the service request. 

Cool ICE gateway 138 notifies Cool ICE seivice handler 156 thai a service 
request has been received and logged in. The service request itself is utilized by Cool 
ICE service handier 156 to retrieve a previously stored sequence of data base 
management system command statements from repository 166. Thus, in the general 
case, a single seivice request will result in the execution of a number of ordered data 
base management system commands. The exact sequence of these commands is defined 
by the service request developer as explained in more detail below. 

Service input parameters 170 is prepared from the service request itself and from 
the conmiaud sequence stored in repository 166 as shown by path 164. This list of input 
parameters is actually stored in a dedicated portion of repository 166 awaiting processing 



of the service request. 

Each command statement from repository 166 identified with the service request 
is sequentiaiiy presented to Cool ICE service 168 for processing via path 160. The 
corresponuirtg input parameter from scivice input parameters 170 is coupled with each 
commaiid staienient via path 176 to produce an appropriate queiy of the enterprise data 
base management system at Cooi ICE service 168. After the enterprise data base 
management system has responded to a given query, the intermediate products are 
stored as entries in HTML document 172 which is also stored in a dedicated portion of 
repository 166. 

After all command statements corresponding to the service request have been 
processed by the enterprise data base management system and HTML document 172 has 
been completed, the result is provided via path 156 to Cool ICE service handler 156 for 
temporary storage as a browser output file in storage resource 154 via path 152. Cool 
ICE gateway 138 receives the browser output file via path 148. The response is 
converted to HTML protocol and transferred by web server 136 and world wide web 
path 134 to be presented to the user as a modified screen (not shown). 
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Fig. 7 is a pictographic drawing 178 of the development process for creating a 
Cool ICE service. HTML document 180 is created utilizing any commercially available 
standard HTML authoring tool (e.g., Microsoft FrontPage). The resulting HTML 
document 180 is stored as a normal .HTM file. This file will be utilized as a template of 
the service to be developed. 

The authoring process moves along path 182 to invoke the administration module 
of the Cool ICE system at element 184. The new dynamic service is created using 
HTML document 180 stored as a normal .HTM file as a template. As HTML document 
180 is imported into Cool ICE, sequences of script for the beginning and end of the 
HTML code are automatically appended to the service. Required images, if any, are 
also uploaded onto the web server (see also Figs. 5 and 6). The service is edited by 
inserting additional Cool ICE script, as required. A more detailed description of the 
editing process may be found in Cool ICE User's Guide, Revision 1.1, available from 
Unisys Corporation and incorporated herein by reference. 

The completed service script is transferred along path 186 to element 188 for 
storage. The service is stored as an object in the repository (see also Figs. 5 and 6). 
Storage is effected within the appropriate category 190 as discussed above, along with 
services 192, 194, and 196 within the same category. 

The process proceeds along path 198 to element 200 for testing. To perform the 
testing, the URL for the newly created service is entered into the browser of the internet 
terminal, if known. The typical URL is as follows: 
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http://machine-name/ICEGate/Category/Seivice 
If the URL for the new service is not known, a list of the available services may be 
determined from the Cool ICE system by specifying the Cool ICE URL as follows: 

http;://machine-name/ICEGate 
This call will result in a presentation of a menu containing the defined categories. 
Selecting a category from the list will result in a menu for the services defined within 
that category. The desired service can thus be selected for testing. Selection of the 
service by either means will result in presentation of the HTML page as shown at 
element 200. 

The process proceeds to element 204 via path 202, wherein the HTML page may 
be enhanced. This is accomplished by exporting the HTML document from the Cool 
ICE administration module to a directory for modification. By proceeding back to 
HTML document 180 via path 208, the exported HTML template is available for 
modification using a standard HTML authoring tool. After satisfactory completion, the 
finished HTML document is saved for future use. 
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Fig. 8 is a diagram showing a comparison between dialog-based structure 210 and 
service-based structure 212. Dialog-based structure 210 is the norm for the typical 
existing proprietary data base management system (e.g., Classic MAPPER). The user, 
5 normally sitting at a dedicated user terminal, transfers output screen 214 to the data base 
management system to request a service. The user terminal and its normally dedicated 
link are suspended at element 216 to permit transfer and operation of the data base 
management system. The input is validated at element 218, while the user terminal and 
its normally dedicated link remains suspended. 
"310 The data base management system processes the service request at element 220 

E i 

^ while the user terminal remains suspended. Output occurs at element 222 thereby 
yj releasing the suspension of the user terminal. Thus, a true dialog is effected, because 

In one part of the dialog pair (i.e., the user terminal) is suspended awaiting response from 

H the data base management system. This type of dialog is best accomplished in an 

yi5 environment wherein at least the user terminal (or data base management system) is 
„^ dedicated to the dialog, along with the link between user terminal and data base 

management system. 

Service-based structure 212 illustrates on of the basic constraints of the world 

wide web protocol. To ensure that each of the elements on the world wide web are 
20 sufficiently independent to prevent one element from unduly delaying or "hanging-up" 

another element to which it is coupled awaiting a response, the communication protocol 

forces a termination after each transmission. As can be readily seen, even the simplest 
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dialog requires at least separate and independent transactions or services. The first 
service, Service 224, involves the transmissions of output form 228 from the internet user 
terminal. This transmission is immediately and automatically followed by temiination 
230 to ensure independence of the sender and receiver. 

The second service, Seivice 226, enables the receiver of output form 228 to 
process the request and output an appropriate response. The validation of the input at 
element 232, processing 234, and output 236 all occur within the receiver of output form 
228. Immediately and automatically, termination 238 follows. Thus, if internet 
transactions are to be linked into a true dialog to permit data base management 
functions, the state must be saved from one service to the next as taught herein. 

In the preferred mode of the present invention, the state of a service is saved in 
the repository (see also Figs. 4 and 5) for use in the next or subsequent services. 
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Fig. 9 is a schematic diagram 240 of the preferred mode of the present invention 
showing normal data flow during operation, with special attention to the state saving 
feature. Work station 242 is an industry compatible personal computer operating under 
5 a commonly available operating system such as Windows 95. Browser 244 is a standard, 
commercially available web browser having frames capability. Path 248 is the normal 
world wide web path between work station 242 and web seiver 254 for the transfer of 
service requests and input data. These transfers are converted by Cool ICE gateway 256 
as explained above and sent to Cool ICE service handler 258 via path 266 for 
10 disposition., 

Tlie seivice request for data and/or another function is converted into the data 
base management language by reference to the service definition portion of repository 
262 through reference along path 276. The actual command language of the data base 
management system is utilized over path 286 to access data base 264. Tlie resultant data 

15 from data base 264 is transferred to Cool ICE administrator 290 via path 288. State 

manager 260 determines whether the original service request requires additional queries 
to data base 264 for completion of the dialog. If yes, the resultant data just received 
from data base 264 is transferred via path 284 to repository 262 for temporary storage, 
and the next query is initiated over path 286, and the process is repeated. This is the 

20 state saving pathway which is required to provide the user of the Cool ICE system to 
function in a dialog form over the world wide web. 

Upon receipt of the resultant data from the final query of data base 264, state 
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manager 260 determines that the service request is now complete. State manager 260 
notifies repository 262 via path 280, and the intermediate products are retrieved from 
temporary storage in repositoiy 262 via path 278 and suppHed to Cool ICE service 
handler 258 via path 272 for formatting. State manager 260 then clears the intermediate 
products from temporary storage in repository 262 via path 282. The final response to 
the service request is sent to Cool ICE gateway 256 via path 270 for translation and to 
browser 244 via path 250. 
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Fig. 10 is a detailed diagram 300 showing operation of the security system during 
the honoring of a service request. Tlie user, operating industiy compatible, personalized 
computer, workstation 302, formats a service requests via commercially available web 
5 browser 304. In the preferred mode of the present invention, this is accomplished by 

making a call to the Cool ICE system. The user simply requests access to the Cool ICE 
home page by transferring web browser 304 to the URL of Cool ICE system. After the 
Cool ICE home page has been accessed, one of the buttons is clicked requesting a 
previously defined service request. For additional detail on the service request 

JIO development process, see above and the above referenced commonly assigned, co- 

^ pending U.S. Patent Applications, 

y Tlie service request is transferred to web server 314 via world wide web path 306. 

y1 The service request is received by Cool ICE gateway 322 and translated for use within 

E 

the Cool ICE system. The request is referred to service handler 332 via path 324. In 
'^15 the preferred mode of practicing the present invention, service handler 332 is basically 
3 equivalent to the Classic MAPPER data base management system. The service request 

is passed to Cool ICE administration 344 via path 334 for retrieval of the command 
language script which describes the activities required of the data base management 
system to respond to the service request. 
20 Cool ICE administration 344 makes an access request of Cool ICE service portion 

340 of repository 342 via path 338. It is within Cool ICE service portion 340 of 
repository 342 that the command language script corresponding to the service request is 
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stored. The command language script is obtained and transferred via path 336 to service 
handler 332 for execution. Along with the command language script, a security profile, if 
any, is stored for the seivice request. As explained in the above referenced, commonly 
assigned, co-pending U.S. Patent Application, the security profile, if required, is added to 
5 the command language script file at the time of service request development by the 

service request developer. This security profile identifies which of the potential service 
requestors may actually be provided with a complete response. The security profile, if 
any, is similarly transferred to service handler 332 via path 336. 

If no security profile has been identified for the service request, service handler 
yiO 332 executes the command language script received via path 336 through access of 
Q remote database 316 via paths 318 and 320, as required. Tlie response is transferred to 
y Cool ICE gateway 322 via path 328 for conversion and transfer to workstation 302 via 
m world wide web path 310. 

H However, if a security profile has been identified for the service request, service 

yi5 handler 322 requests the user to provide a user-id via path 330, Cool ICE gateway 322, 
^ and world wide web path 312. Service handler 332 awaits a response via world wide web 

path 308, Cool ICE gateway 322, and path 326. Service handler 332 compares the user- 
id received to the security profile stored with the command language script. If the user 
matches the security profile, access is granted and service handler 322 proceeds as 
20 described above. If the user does not match with the stored security profile, the service 
request is not executed and the user is notified via diagnostic message. 
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Fig. 11 is a schematic diagram 350 sbovviug access by users with different security 
profiles to uiffeieiit portioi'is of the sauie data base 352. In this exaoiple, the user 
operating internet terminal 378 has a user-id which identifies the user as a manager 
5 within the human resources department of the subject enterprise. The human resources 
department is located at a facility of the enterprise which does not contain the hardware 
or software to be utilized in accessing the data base. Similarly, the user of internet 
terminal 382 is a manager within the accounts payable department of the enterprise who 
is located in yet another facility. The user of internet terminal 380 is a receptionist at 
j^O one of the manufacturing plants of the enterprise. 

03 Data base 352 is a data base prepared and maintained by the liuman resources 

y department of the enterprise. As such, it contains information concerning employees of 

m the enterprise having very different levels of sensitivity. Furthermore, access to some of 

p= the information concerning enterprise employees is regulated by federal and state law. 

""-15 By way of exaniple and not to be viewed as liniiting of the preseiit invention, data 

base 352 contains six (6) separate data tables. Fhone #'s 354 is a data table having the 
telephone numbers of the employees of the enterprise. Entry 366 is a record containing 
the telephone number of a particular one of the employees of the enterprise. Authority 
356 is a data table showing the dollar level of autuoriry of each of the employees to 
20 commit the enterprise to financial obligations (e.g., purchasing). Record 368 is the dollar 
level of authority of a particular one of the employees of the enterprise. 

Compensation 358 is a data table showing the annual compensation levels of each 
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of the employees of the enterprise. Entry 370 shows the current salary of a particular 
employee of the enterprise. Supervisor 360 is a data table listing the immediate 
supervisor of each employee of the enterprise. Data table Comp. History 362 provides 
the compensation history of each employee during the period of employment at the 
enterprise. Enliy 374 Is record of the compensation hisloiy of a given employee. Job 
Title 364 is a data table listing the job title of each employee. The job title of a given 
employee is found in sample record 376. 

The user-id of the operator of internet terminal 378 identifies her as a 
management level employee within the human resources department. In that capacity, 
she is charged within the enterprise with the creation and maintenance of data base 352. 
Therefore, as schematically shown, her user-id is correlated with a security profile giving 
her access to all of the data within data base 352. Thus, she is permitted by the Cool 
ICE system to read and modify any of the data within data base 352 via the world wide 
web. 

In the current example, internet terminal 380 is also coupled via the world wide 
web to data base 352. Tlie user-id of the operator of internet terminal 380 identifies him 
as a receptionist within one of the manufacturing plants of the enterprise and provides 
him with a corresponding security profile. In this job position, it is unnecessary, unwise, 
and probably illegal to give him general access to all of the infoniiation within data base 
352. However, the receptionist does have a need to access the telephone numbers of the 
employees of the enterprise as necessaiy to the performance of his job. In the preferred 
mode of the present invention, he is provided with access to only a single data table. 



38 



Phone #'s 354, within data base 352. Because the preferred mode of the present 
invention can restrict his access to a single data table within data base 352, he is given 
appropriate, and only appropriate access, without the need to duplicate the information 
from Plione #'s 354 as a separate data base. Providing such duplication is not only 
wasteful, but it presents extraordinaiy data base maintenance problems to ensure the 
duplicate copies of a given table remain consistent. 

Internet terminal 382 is operated by a management level employee within the 
accounts payable department. As part of her job, she is charged with the task of 
verifying that another employee requesting issuance of a check of the enterprise in 
payment of a debt of the enterprise, actually has been granted a dollar authority 
consistent with his request. Tlierefore, she has a need for access to the data table 
Authority 356. Record 368 of Authority 356 specifies the dollar level of authority of the 
requesting employee. 

However, the management level employee within the accounts payable 
department has no need for access to the remainder of the sensitive data within data 
base 352. Tlierefore, her user-id correlates with a security profile giving her access only 
to Authority 356 and no other data within data base 352. 
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Fig. 12 is a view of llie highest level window 344 of Cool ICE Administration (see 
also above). It is the Cool ICE Administration module which is responsible for 
maintaining the security profiles of each service request and data element. Cool ICE 
Administration window 344, as identified by title 346, is directly available from the Cool 
ICE main menu. Tlie Cool ICE main menu is displayed in response to a transfer to the 
Cool ICE URL (see also above). Security button 348 is provided for access to the 
security maintenance functions of the Cool ICE Administration module. Clicking on 
security button 348 provides entiy to the security maintenance functions. 
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Fig. 13 is a view of security maintenance main window 360, which is reached by 
clicking on security button 348 (see also above). Of course, access to security 
maintenance main window 360 requires a user-id correlating with a security profile 
5 adequate to security profile maintenance. Title 362 identifies security maintenance main 
window 360. 

The user must access the security profile table of the service request and/or data 
base of interest using select button 378. In the present example, the manager from the 
human resources department is utilizing internet terminal 378 to maintain the view of the 
JlO security definitions for data base 352 (see also Fig. 11). The interface hierarchy provides 
n a list 386 of the tables within data base 352. Authority caption 388 is selected providing 

y access to the security profiles for Authority 356 (see also Fig. 11). 

yl The security profiles currently corresponding to Authority 356 are displayed in the 

f; profile window. HR 380 shows that the human resources security profile is to be 

15 provided access to table Authority 356 of data base 352. Similariy, A. Payable 382 shows 
Q that the accounts payable manager previously identified as the user of internet terminal 

382 is also to be provided access to Authority 356 of data base 352. Empty space 384 
shows that no other security profiles are currently to be provided access to Authority 
356. 

20 Button 368 enables an authorized user to add an additional security profile for 

access to Authority 356. Button 370 permits and authorized user to modify an existing 
security profile. Button 372 permits removal of a security profile. Button 374 establishes 
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leiaheritance. Button 376 provides au authorized user with a report of the security 
profiles corresponding to a given data table. Button 366 permits the user to save a new 
or modified security profile allocation. Hie remaining buttons are deemed to be self 
explanatory. 
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Having thus described the preferred embodiments of the present invention, those 
of skill in the art will be readily able to adapt the teachings found herein to yet other 
embodiments within the scope of the claims hereto attached. 

WE CLAIM: 
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